Source:
ChatGPT:
The attack exploits a weakness in Tangem's firmware running on an EAL6+ secure element. By exposing the chip, attaching custom hardware and firing a precisely timed nanosecond laser pulse at a specific location, researchers bypassed a firmware check that normally verifies whether the card is in recovery mode. This allowed them to assign a new password without knowing the original password or possessing a backup card. Once completed, the attacker could sign transactions and transfer cryptocurrency. (Ledger Donjon)
Ledger Donjon stressed that the attack is highly impractical for ordinary criminals. It requires physical possession of the card, invasive modification that permanently damages the device, roughly US$250,000 worth of laboratory equipment, side-channel analysis tools and advanced hardware security expertise. Researchers successfully repeated the attack on multiple cards, with each exploit taking around two hours once the process had been established. Since Tangem cards cannot receive firmware updates, the vulnerability cannot be patched through software. (Ledger Donjon)
Tangem disputed the practical significance of the findings, arguing the risk to everyday users is "virtually non-existent." The company noted that Ledger Donjon operates within competitor Ledger and said similar attacks could eventually be developed against any secure element given sufficient resources. Tangem maintains that users who keep their cards secure are unlikely to face any realistic threat, although Ledger advises that lost or stolen cards present the primary risk scenario. (Ledger Donjon)
Social media and forum discussions
Most discussion occurred in r/Tangem and r/ledgerwallet.
Opinion was divided:
Some viewed the disclosure as a legitimate hardware vulnerability because it has been demonstrated repeatedly.
Others argued the attack is unrealistic due to the US$250,000 lab setup and physical access requirements.
Several users questioned whether Tangem should offer upgraded cards despite the low practical risk. (Reddit)
HardwareZone
No significant discussion thread was found as of 11 July 2026.
X (Twitter)
Crypto security accounts widely shared the research.
Debate centred on whether the issue represents a serious security flaw or an academic proof-of-concept.
Some criticised Tangem's lack of firmware updates, while others defended the product because the attack cannot be performed remotely. (Ledger Donjon)
Limited discussion, mostly news reposts with comments advising users not to lose their hardware wallets.
Crypto creators summarised the research, emphasising that physical possession is required and everyday users are unlikely to be targeted.
TikTok
Small number of crypto videos explained the "laser hack." Most concluded that although technically impressive, it poses little risk to average holders.
Threads
Users discussed whether immutable firmware is a security strength or weakness. Many said the inability to patch vulnerabilities is the more concerning aspect.
Overall sentiment
Sentiment is mixed but calm. Security researchers praised Ledger Donjon's technical achievement and transparency, while Tangem supporters argued the exploit has little real-world impact because it requires expensive equipment, specialist skills and physical possession of the wallet. The broad consensus is that users who keep their Tangem cards secure face minimal risk, but owners of high-value wallets should take extra care to prevent theft or loss.











